GDPR Company Compliance

It has been over a year since the European Union’s (EU) General Data Protection Regulations (GDPR) took effect, yet a recent study found that companies worldwide have not been adhering to the policies. A study conducted by the Ponemon Institute found that not only are companies not reporting data breaches but are overall unfamiliar with the regulations as a whole.

What Is Included in the GDPR Laws

While the GDPR Laws were created for countries that are a part of the European Union, any countries who trade or have dealings with an E.U. country must also be compliant. The goal of the regulations is to protect data privacy and offers the following protections:

  • The terms of agreement for sharing consumer data must be written in easy-to-understand language so that consumers know where their information will be used
  • Business must notify consumers of a data breach within 72 hours after recognizing it happened
  • People have a right to have businesses erase their data from their systems and forgotten completely

While these seem to be general rights that consumers should have globally, there are still no national data privacy laws in the United States. According to the study, businesses in European countries are not much better with laws in place. Almost half of the respondents experienced a data breach that was required to be reported under the new law but flew under the radar. Less than 20% of businesses were confident in their ability to handle reporting breaches in the allotted time frame.

Company-Wide Compliance Issues

Reporting breaches is not the only issue at hand. The introduction of other data security laws like the California Consumer Privacy Act (CCPA) has caused some confusion as to which laws need to be followed when dealing with consumer data.

To combat this problem, companies have hired specific compliance officers and outside cybersecurity companies to deal with breaches and ensure protocols are being followed. This leads to the problem of the hired workers having a full understanding of the regulations while company heads and other vital employees are uneducated about the proper use of company data.

There has been an increase in cyber risk insurance, but the study showed that many companies are unsure if their policy covers GDPR fines and penalties. Depending on the severity of the penalty, fines can be up to 20 million euros (USD 22 million) or 4% of the company’s total global turnover of the preceding fiscal year. It ultimately comes down to which amount will be higher.

Solutions for Following Data Privacy Laws

While some countries are on their way to compliance with 86% stating they appointed a GDPR data protection officer, others are still lagging behind. Over half of American companies are applying the GDPR rules to their employees but 43% of EU companies have applied the regulations.

Cybersecurity professionals have suggested that companies conduct risk assessments and identify their vulnerabilities with the help of an attorney or proper litigation. These practices can help protect their corporations from cyber risks in the first place.

The best way to store company data and protect it from cyber attacks is to store it using a hardware encrypted storage device. The SecureDrive is a hardware encrypted external portable hard drive that eliminated data leaks and is GDPR compliant. With secure authentication methods and features that put control in the hands of the user, the device is ideal for businesses with sensitive information. If your business needs to improve its compliance strategy, call 1-800-875-3230 for a free evaluation of our SecureDrive products.